VICIDIAL Tips and Tricks: Some security hardening of VICIDIAL server.
Another point to consider: what do you do if somebody wants to gain access to your VICIDIAL web admin? Well, the good thing about the VICIDIAL Open Source Call Center Suite is that it's almost documented. Matt is kind of a stickler for docs, which I liked. Anyhow, here's what the Base Install doc contains.
You may want to reduce the exposure of some of the elements of VICIDIAL. Here are some examples:
ln -s /dev/null /usr/local/apache2/htdocs/vicidial/project_auth_entries.txt
ln -s /dev/null /usr/local/apache2/htdocs/agc/vicidial_auth_entries.txt
ln -s /dev/null /usr/local/apache2/htdocs/agc/astguiclient_auth_entries.txt
ln -s /dev/null /usr/local/apache2/htdocs/vicidial/admin_changes_log.txt
- Change the WWW writable in the admin.php server settings to "0"
- Change the default admin user "6666" or its password from the default
- Change the default secret (password) for the default SIP and IAX accounts that are set up with astGUIclient
- Change the default password for the Asterisk manager connection in manager.conf then change it in the server modification screen
- Change the default password for the mysql cron user in mysql and change it to match in /etc/astguiclient.conf on each server
- Possibly use static IP addresses for the IAX/SIP conf account entries
- Change the default port for Apache in httpd.conf from 80 to something else
- Change the default port for IAX in iax.conf from 4569 to something else
- Change the default control port for SIP in sip.conf from 5060 to something else
- Use a firewall to route access using different port numbers or restricting connection by VPN or set IP addresses
For those people using vicidialNOW, the iptables entries are there. But you can also follow what was instructed above.
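To confirm that the file and port items above were actually applied on a server, here is a read-only audit script. It is an added example, not part of the Base Install doc or of VICIDIAL. The log paths and default ports are the ones listed above; the httpd.conf location, the /etc/asterisk directory and all function names are assumptions.

```sh
#!/bin/sh
# Added example: read-only audit of the exposure items listed above.
# Log paths and default ports come from the page; APACHE_CONF, ASTERISK_ETC
# and every function name are assumptions of this example.
HTDOCS="${HTDOCS:-/usr/local/apache2/htdocs}"
APACHE_CONF="${APACHE_CONF:-/usr/local/apache2/conf/httpd.conf}"   # assumed
ASTERISK_ETC="${ASTERISK_ETC:-/etc/asterisk}"                      # assumed
FINDINGS=0

flag() { echo "FINDING: $*"; FINDINGS=$((FINDINGS + 1)); }

# True when the log file is a symlink pointing at /dev/null.
log_is_nulled() { [ -L "$1" ] && [ "$(readlink "$1")" = "/dev/null" ]; }

# Ports from active Apache Listen directives ("Listen 80", "Listen 1.2.3.4:80").
apache_ports() {
    awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }' "$1" 2>/dev/null
}

# Last active "KEY = value" in an Asterisk conf file; ";" starts a comment.
conf_value() {   # conf_value FILE KEY
    awk -F= -v k="$2" '{ sub(/;.*/, ""); key = $1; gsub(/[ \t]/, "", key)
        if (key == k) { v = $2; gsub(/[ \t]/, "", v); out = v } }
        END { print out }' "$1" 2>/dev/null
}

# An absent bindport means the built-in default is in effect, so flag that too.
check_port() {   # check_port FILE DEFAULT LABEL
    [ -r "$1" ] || { echo "SKIP: $1 not readable"; return 0; }
    p=$(conf_value "$1" bindport)
    [ "${p:-$2}" != "$2" ] || flag "$3 still on default port $2 ($1)"
}

audit() {
    FINDINGS=0
    for f in vicidial/project_auth_entries.txt agc/vicidial_auth_entries.txt \
             agc/astguiclient_auth_entries.txt vicidial/admin_changes_log.txt; do
        log_is_nulled "$HTDOCS/$f" || flag "$HTDOCS/$f is not a symlink to /dev/null"
    done
    apache_ports "$APACHE_CONF" | grep -qx 80 && flag "Apache listens on port 80"
    check_port "$ASTERISK_ETC/iax.conf" 4569 IAX
    check_port "$ASTERISK_ETC/sip.conf" 5060 SIP
    echo "$FINDINGS finding(s)"
}

audit
```

The script only reads `bindport` in iax.conf and sip.conf, so a port set any other way is not detected. Passwords and firewall rules are not checked and still need a manual review.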
Easy, isn't it? If you don't want to do it yourself, I am available as a consultant
(gotta pay the bills!)